Legal claims defining the scope of protection, as filed with the USPTO.
1. An encrypted data communication system having at least two apparatuses connected via a network for transmitting/receiving encrypted data, each apparatus comprising a processor to implement an encryption function module for generating encrypted data and for decrypting encrypted data received from another apparatus, and a communication functional module for communicating with the another apparatus via the network to transmit/receive encrypted data, wherein: each apparatus further comprises a storage storing session information including shared encryption key information for an encryption process and shared decryption key information for a decryption process, the shared encryption key information and the shared decryption key information being respectively shared with the another apparatus; the encryption function module to be implemented by the processor generates the shared decryption key information in the session information, acquires the shared decryption key information from the session information, and generates encryption data containing upper layer protocol data and the shared decryption key information as reception key information; the encryption function module to be implemented by the processor extracts a reception key information from received encrypted data and stores the received reception key information as the shared encryption key information; encrypted data generated by the encryption function module is encrypted by using the shared encryption key information in the session information if the shared encryption key information is valid; and the encryption function module decrypts the encrypted data by using the shared decryption key information acquired from the session information.
2. The encrypted data communication system according to claim 1, wherein: each apparatus further comprises a public key database storing a public key of another apparatus and a public key pair database storing a private key of the apparatus; if the shared encryption key information received from the reception side apparatus cannot be acquired from the session information, the encryption function module acquires the public key from the public key database and generates the encrypted data encrypted by using the public key; and the encryption function module decrypts the encrypted data by using the private key acquired from the public key pair database.
3. The encrypted data communication system according to claim 2, wherein: the encryption function module adds a digital signature to the encrypted data by using the private key acquired from the public key pair database; and the encryption function module executes a verification process for the digital signature added to the encrypted data by using the public key of the transmission source apparatus acquired from the public key database.
4. The encrypted data communication system according to claim 2, wherein: each apparatus includes a SIP client and a SIP server each provided with a SIP functional module of generating and processing a SIP message; the upper layer protocol data to be encrypted and decrypted by the encryption function module is the SIP message; and when the SIP functional module of the SIP client generates a REGISTER message, the encryption function module of the SIP client generates the encrypted data including the REGISTER message by using the public key acquired from the public key database.
5. The encrypted data communication system according to claim 4, wherein: an expiration time is set to the shared encryption key information and the shared decryption key information; and the SIP functional module of the SIP client generates the REGISTER message if the expiration time of either the shared encryption key information or the shared decryption key information expires.
6. The encrypted data communication system according to claim 3, wherein: each apparatus further comprises a SIP functional module of processing a SIP message; the upper layer protocol data to be encrypted and decrypted by the encryption function module is the SIP message; the public key database is provided with a function of managing a correspondence between a SIP identifier and the public key; the encryption function module passes the SIP message obtained by decrypting the encrypted data and the SIP identifier corresponding to the public key used for decrypting the SIP message, to the SIP functional module; and the SIP functional module processes the SIP message if the SIP identifier is coincident with the SIP identifier of a transmission partner contained in the SIP message.
7. An encrypted data communication method for at least two apparatuses connected via a network for transmitting/receiving encrypted data, wherein: each apparatus comprises a processor to implement an encryption function module for generating encrypted data and for decrypting encrypted data received from another apparatus; and a communication functional module for communicating with the another apparatus via the network to transmit/receive encrypted data, and each apparatus includes a storage, the method comprising the steps of: storing in the storage of an apparatus session information including shared encryption key information for an encryption process and shared decryption key information for a decryption process, the shared encryption key information and the shared decryption key information being respectively shared with the another apparatus; in the encryption function module to be implemented by the processor, generating the shared decryption key information in the session information, acquiring the shared decryption key information from the session information, and generating encryption data containing upper layer protocol data and the shared decryption key information as a reception key information encrypted by using the shared encryption key information in the session information if the shared encryption key information is valid; in the encryption function module to be implemented by the processor, extracting a reception key information from received encrypted data and storing the received reception key information as the shared encryption key information; and in the encryption function module, decrypting the encrypted data by using the shared decryption key information acquired from the session information.
8. An encrypted data communication method according to claim 7, wherein: the reception key information contained in the encrypted data is shared encryption key information to be used for an encryption function module on a reception side apparatus of the encrypted data to generate encrypted data after receiving the encrypted data.
9. An encrypted data communication method according to claim 8, wherein: the encrypted data to be generated is data encrypted by using the shared encryption key information if the shared encryption key information is already notified from the reception side apparatus.
10. An encrypted data communication method according to claim 8, wherein: the encrypted data to be generated is data encrypted by using a public key of the reception side apparatus if the shared encryption key information is still not notified from the reception side apparatus.
11. An encrypted data communication method according to claim 9, wherein: the encryption function module signs the encrypted data electronically by using a private key of a transmission source apparatus.
12. An encrypted data communication method according to claim 10, wherein: the upper layer protocol data is a SIP message, and the encryption function module generates the encrypted data by using the public key of the reception side apparatus when a REGISTER message is to be transmitted.
13. An encrypted data communication method according to claim 7, wherein: the encryption function module on the one of the apparatuses uses the reception key information as shared decryption key information to decrypt received data after receiving the encrypted data.
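The claims above describe one mechanism from several angles: each apparatus generates its own decryption key, keeps it in the session information, and piggybacks it on outgoing encrypted data as "reception key information"; the peer stores that value as its encryption key for the reverse direction. The first message (a REGISTER, per claims 4 and 12) has no shared key to use and therefore goes under the peer's public key; later traffic uses the notified shared key until its expiration time (claim 5) forces a fall back to the public key, and every message is signed (claim 3) and checked against the SIP identifier bound to the verifying key (claim 6). The following Python simulation is an added example written for this page, not code from the patent or its assignee. It assumes constructed identities (`alice@example.com`, `bob@example.com`), a JSON envelope as the on-the-wire format, a TTL in seconds as the expiration time, and deliberately toy primitives (a SHA-256 keystream with an HMAC tag for the symmetric part, textbook RSA on fixed Mersenne primes for the public-key part) so that it runs with the standard library alone; the claims do not specify any of these choices.

```python
import hashlib
import hmac
import json
import os

# Symmetric primitive, stdlib only and constructed for this demo: SHA-256 keystream XOR + HMAC tag.
def _keystream(key, nonce, length):
    return b"".join(hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
                    for i in range((length + 31) // 32))

def sym_encrypt(key, plaintext):
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def sym_decrypt(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("integrity check failed")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))

# Asymmetric primitive: textbook RSA on fixed Mersenne primes. A TOY that only exercises the
# "public key until a shared key has been notified" branch of the claims; keys are (n, exponent).
E = 65537
def rsa_keypair(p, q):
    return (p * q, E), (p * q, pow(E, -1, (p - 1) * (q - 1)))
def rsa_wrap(pub, key):          # 32-byte one-time symmetric key -> integer under the peer's public key
    return pow(int.from_bytes(key, "big"), pub[1], pub[0])
def rsa_unwrap(priv, wrapped):
    return pow(wrapped, priv[1], priv[0]).to_bytes(32, "big")
def rsa_sign(priv, data):        # digital signature with the sender's private key (claim 3)
    return pow(int.from_bytes(hashlib.sha256(data).digest(), "big"), priv[1], priv[0])
def rsa_verify(pub, data, sig):
    return pow(sig, pub[1], pub[0]) == int.from_bytes(hashlib.sha256(data).digest(), "big")

def sip_from(sip_msg):           # constructed, minimal SIP parsing: identifier in the From header
    for line in sip_msg.splitlines():
        if line.lower().startswith("from:"):
            return line.split(":", 1)[1].strip()
    return None

class Apparatus:
    def __init__(self, sip_id, priv, pubkey_db, ttl):
        self.sip_id, self.priv, self.pubkey_db, self.ttl = sip_id, priv, pubkey_db, ttl
        self.session = {}  # peer -> shared encryption/decryption key information with expiry

    def _sess(self, peer):
        return self.session.setdefault(peer, {"enc": None, "enc_exp": 0, "dec": None, "dec_exp": 0})

    def send(self, peer, sip_msg, now):
        s = self._sess(peer)
        # Fresh shared decryption key: stored in the session, carried as reception key information.
        s["dec"], s["dec_exp"] = os.urandom(32), now + self.ttl
        payload = json.dumps({"sip": sip_msg, "rk": s["dec"].hex()}).encode()
        if s["enc"] and now < s["enc_exp"]:   # valid shared encryption key notified by the peer
            body = {"from": self.sip_id, "mode": "shared", "ct": sym_encrypt(s["enc"], payload).hex()}
        else:                                 # nothing notified yet, or expired: peer's public key
            one_time = os.urandom(32)
            body = {"from": self.sip_id, "mode": "public", "wrap": rsa_wrap(self.pubkey_db[peer], one_time),
                    "ct": sym_encrypt(one_time, payload).hex()}
        return {"body": body, "sig": rsa_sign(self.priv, json.dumps(body, sort_keys=True).encode())}

    def receive(self, packet, now):
        body, sender = packet["body"], packet["body"]["from"]
        # Public key database lookup by the claimed SIP identifier, then signature verification.
        if not rsa_verify(self.pubkey_db[sender], json.dumps(body, sort_keys=True).encode(), packet["sig"]):
            raise ValueError("signature verification failed")
        s = self._sess(sender)
        if body["mode"] == "shared":
            if not (s["dec"] and now < s["dec_exp"]):
                raise ValueError("no valid shared decryption key for this sender")
            payload = sym_decrypt(s["dec"], bytes.fromhex(body["ct"]))
        else:
            payload = sym_decrypt(rsa_unwrap(self.priv, body["wrap"]), bytes.fromhex(body["ct"]))
        msg = json.loads(payload)
        # Received reception key becomes the shared encryption key for traffic back to the sender.
        s["enc"], s["enc_exp"] = bytes.fromhex(msg["rk"]), now + self.ttl
        # Claim 6: the identifier bound to the verifying key must match the From header, else drop.
        return msg["sip"] if sip_from(msg["sip"]) == sender else None

def make_pair(ttl=60):           # two apparatuses, constructed identities, one shared public key database
    pub_a, priv_a = rsa_keypair(2**127 - 1, 2**521 - 1)
    pub_b, priv_b = rsa_keypair(2**107 - 1, 2**607 - 1)
    db = {"alice@example.com": pub_a, "bob@example.com": pub_b}
    return Apparatus("alice@example.com", priv_a, db, ttl), Apparatus("bob@example.com", priv_b, db, ttl)

def run_demo():
    """REGISTER under public key, shared keys both ways once notified, public key again after expiry."""
    a, b = make_pair(ttl=60)
    modes, received = [], []
    for src, dst, sip, now in [(a, b, "REGISTER sip:registrar\nFrom: alice@example.com", 0),
                               (b, a, "SIP/2.0 200 OK\nFrom: bob@example.com", 1),
                               (a, b, "INVITE sip:bob@example.com\nFrom: alice@example.com", 2),
                               (a, b, "REGISTER sip:registrar\nFrom: alice@example.com", 100)]:
        packet = src.send(dst.sip_id, sip, now)
        modes.append(packet["body"]["mode"])
        received.append(dst.receive(packet, now))
    return modes, received
```

`run_demo()` returns the mode chosen for each of the four messages (`public`, `shared`, `shared`, `public`) together with the SIP messages the receiving side accepted. Two properties worth noticing when reading the code: a fresh decryption key is generated on every send, so each direction of the session is rekeyed by the party that will decrypt, and the identifier check in `receive` is what stops an envelope signed by one registered identity from delivering a SIP message that names a different transmission partner.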
May 18, 2010